In A Complete Fluke, A Euro/Jap Spacecraft Is About To Fly Past Venus – And Could Look For Signs Of Life

Earlier this week, scientists announced the discovery of phosphine on Venus, a potential signature of life. Now, in an amazing coincidence, a European and Japanese spacecraft is about to fly past the planet – and could confirm the discovery.

On Monday, September 14, a team of scientists said they had found evidence for phosphine in the atmosphere of Venus. The region in which it was found, about 50 kilometers above the surface, is outside the harsh conditions on the Venusian surface, and could be a habitat for airborne microbes.

[…]

And as luck would have it, a joint mission comprising two spacecraft – one from the European Space Agency (ESA) and the other from the Japanese space agency (JAXA) – is about to fly past Venus that could tell us for sure.

BepiColombo, launched in 2018, is on its way to enter orbit around Mercury, the innermost planet of the Solar System. But to achieve that it plans to use two flybys of Venus to slow itself down, one on October 15, 2020, and another on August 10, 2021.

The teams running the spacecraft already had plans to observe Venus during the flyby. But now, based on this detection of phosphine from telescopes on Earth, they are now planning to use both of these flybys to look for phosphine using an instrument on the spacecraft.

“We possibly could detect phosphine,” says ESA’s Johannes Benkhoff, BepiColombo’s Project Scientist. “But we do not know if our instrument is sensitive enough.”

The instrument on the European side of the mission, called MERTIS (MErcury Radiometer and Thermal Infrared Spectrometer), is designed to study the composition of the surface of Mercury. However, the team believe they can also use it to study the atmospheric composition of Venus during both flybys.

On this first flyby, the spacecraft will get no closer than 10,000 kilometers from Venus. That’s very far, but potentially still close enough to make a detection.

“There actually is something in the spectral range of MERTIS,” says Jörn Helbert from the German Aerospace Center, co-lead on the MERTIS instrument. “So we are now seeing if our sensitivity is good enough to do observations.”

As this first flyby is only weeks away, however, the observation campaign of the spacecraft is already set in stone, making the chance of a discovery slim. More promising is the second flyby next year, which will not only give the team more time to prepare, but also approach just 550 kilometers from Venus.

“[On the first flyby] we have to get very, very lucky,” says Helbert. “On the second one, we only have to get very lucky. But it’s really at the limit of what we can do.”

Source: In A Complete Fluke, A European Spacecraft Is About To Fly Past Venus – And Could Look For Signs Of Life

Epic’s new filing claims Apple lied about Fortnite’s popularity: Apple used Google Trends data!

There’s a new development in the high-profile game of chicken between Apple and Epic. The Fortnite developer’s latest legal filing claims that Apple “cherry-picked” Google data in its own legal filing earlier this week to support its narrative that Fortnite’s declining popularity is the impetus behind all this drama.

Apple has repeatedly argued that Epic started the legal battle over Fortnite in its App Store as a publicity stunt because the game’s hype has started to flatline. In a filing Tuesday, it said that interest in Fortnite had fallen “by nearly 70%” between October 2019 and July 2020 according to Google Trends and that Epic’s lawsuit “appears to be part of a marketing campaign designed to reinvigorate interest in Fortnite.”

But Epic’s calling bullshit on those claims, citing its own user engagement data as proof that the Fortnite hype train is still chugging along just fine, thank you.

“Over the period of time that Apple cherry-picked for its Google search volume comparison… the number of daily active users on Fortnite actually increased by more than 39%,” the company wrote in reply papers filed late Friday evening.

Not to mention that Apple’s decision to cite Google Trends, of all things, is already suspect to begin with. It measures the volume of searches for any given term, but even if people aren’t searching for Fortnite on Google as much as they used to be, that doesn’t prove a correlation between how many people are still playing or downloading the game. I’d put money on this being an Occam’s broom scenario: Apple just went with that statistic because it was the only one they found that proved their point.

As a recap, Apple booted Fortnite off its App Store in August after Epic’s theatrical attempt to circumvent its so-called “Apple Tax,” which requires that developers fork over 30% of revenue from in-app purchases for the privilege of having their app on iOS. The two have been playing a melodramatic game of tit-for-tat ever since. Epic immediately sued, of course, then Apple terminated its App Store developer account for iOS. After that, Epic vowed not to push the Aug. 27 Fortnite update to iOS or macOS in retaliation, and Apple launched a countersuit for compensatory and punitive damages, calling Epic’s actions a deliberate attempt to undermine its iOS ecosystem.

The drama is still playing out in court, with a full court hearing scheduled for Sept. 28. In the case’s first hearing in August, a judge ruled that Apple could kick Fortnite off its App Store but not Epic’s Unreal Engine. Epic has also asked the court to restore both Fortnite and its developer account in the App Store.

It’s likely these two will continue to take jabs at one another throughout this legal drama, so you might as well settle in and grab some popcorn as these incendiary press releases keep flying.

Source: Epic’s new filing claims Apple lied about Fortnite’s popularity

The F-35 Lightning II can’t fly in lightning once again

The most widely used variant of the F-35 Joint Strike Fighter is currently unable to fly in thunderstorms after the discovery of damage to one of the systems it uses to protect itself from lightning, its prime contractor Lockheed Martin said Wednesday.

To safely fly in conditions where lightning is present, the F-35 relies on its Onboard Inert Gas Generation System, or OBIGGS, which pumps nitrogen-enriched air into the fuel tanks to inert them. Without this system, a jet could explode if struck by lightning.

However, damage to one of the tubes that distributes inert gas into the fuel tank was discovered during routine depot maintenance of an F-35A at Hill Air Force Base’s Ogden Logistics Complex in Utah, Lockheed said in a statement.

[…]

“As a safety precaution, the JPO recommended to unit commanders that they implement a lightning flight restriction for the F-35A, which restricts flying within 25 miles of lightning or thunderstorms,” Lockheed said. “We are working with the F-35 Joint Program Office (JPO) on a root cause corrective action investigation to determine next steps.”

[…]

Bloomberg, which obtained a JPO memo dated June 5, reported that flawed tubes were found in 14 of the 24 “A” models inspected.

The JPO did not respond immediately to a request for comment.

For a plane nicknamed “Lightning II,” the F-35’s lightning protection systems have, ironically, become an embarrassing problem for the jet at times throughout its development.

The F-35 was prohibited from flying within 25 miles of lightning in the early 2010s after the Pentagon’s weapons tester discovered deficiencies with the original OBIGGS system in getting enough inert gas into the fuel tanks. Those restrictions were rescinded after the OBIGGS was redesigned in 2014.

Source: The F-35 Lightning II can’t fly in lightning once again

Facebook Accused of Watching Instagram Users Through Cameras. FB claims “bug”

Facebook is again being sued for allegedly spying on Instagram users, this time through the unauthorized use of their mobile phone cameras. Bloomberg reports: The lawsuit springs from media reports in July that the photo-sharing app appeared to be accessing iPhone cameras even when they weren’t actively being used. Facebook denied the reports and blamed a bug, which it said it was correcting, for triggering what it described as false notifications that Instagram was accessing iPhone cameras.

In the complaint filed Thursday in federal court in San Francisco, New Jersey Instagram user Brittany Conditi contends the app’s use of the camera is intentional and done for the purpose of collecting “lucrative and valuable data on its users that it would not otherwise have access to.” By “obtaining extremely private and intimate personal data on their users, including in the privacy of their own homes,” Instagram and Facebook are able to collect “valuable insights and market research,” according to the complaint.

Source: Facebook Accused of Watching Instagram Users Through Cameras – Slashdot

Iranian Hackers Beat Encrypted Apps like Telegram, WhatsApp – since 2014

Iranian hackers, most likely employees or affiliates of the government, have been running a vast cyberespionage operation equipped with surveillance tools that can outsmart encrypted messaging systems — a capability Iran was not previously known to possess, according to two digital security reports released Friday.

The operation not only targets domestic dissidents, religious and ethnic minorities and antigovernment activists abroad, but can also be used to spy on the general public inside Iran, said the reports by Check Point Software Technologies, a cybersecurity technology firm, and the Miaan Group, a human rights organization that focuses on digital security in the Middle East.

The reports, which were reviewed by The New York Times in advance of their release, say that the hackers have successfully infiltrated what were thought to be secure mobile phones and computers belonging to the targets, overcoming obstacles created by encrypted applications such as Telegram and, according to Miaan, even gaining access to information on WhatsApp. Both are popular messaging tools in Iran. The hackers also have created malware disguised as Android applications, the reports said.

[…]

According to the report by Check Point’s intelligence unit, the cyberespionage operation was set up in 2014, and its full range of capabilities went undetected for six years.

[…]

The hackers appeared to have a clear goal: stealing information about Iranian opposition groups in Europe and the United States and spying on Iranians who often use mobile applications to plan protests, according to the Miaan report.

Among the most prominent victims of the attacks, the reports said, are the Mujahedeen Khalq, or M.E.K., an insurgent group that the Iranian authorities regard as a terrorist organization; a group known as the Association of Families of Camp Ashraf and Liberty Residents; the Azerbaijan National Resistance organization; citizens of Iran’s restive Sistan and Balochistan Province; and Hrana, an Iranian human rights news agency. Human rights lawyers and journalists working for Voice of America have also been targeted, Miaan said.

According to Check Point, the hackers use a variety of infiltration techniques, including phishing, but the most widespread method is sending what appear to be tempting documents and applications to carefully selected targets.

[…]

These documents contained malware code that activated a number of spyware commands from an external server when the recipients opened them on their desktops or phones. According to the Check Point report, almost all of the targets have been organizations and opponents of the government who have left Iran and are now based in Europe. Miaan documented targets in the United States, Canada and Turkey as well as the European Union.

The spyware enabled the attackers to gain access to almost any file, log clipboard data, take screenshots and steal information. According to Miaan, one application empowered hackers to download data stored on WhatsApp.

In addition, the attackers discovered a weakness in the installation protocols of several encrypted applications including Telegram, which had always been deemed relatively secure, enabling them to steal the apps’ installation files.

These files, in turn, allow the attackers to make full use of the victims’ Telegram accounts. Although the attackers cannot decipher the encrypted communications of Telegram, their strategy makes it unnecessary. Rather, they use the stolen installation files to create Telegram logins to activate the app in the victims’ names on another device. This enables the attackers to secretly monitor all Telegram activity of the victims.

“This cutting-edge surveillance operation succeeded in going under the radar for at least six years,” said Lotem Finkelstein, head of threat intelligence at Check Point. “The group maintained a multi-platform, targeted attack, with both mobile, desktop and web attack vectors, that left no evasion path for victims on the target list.”

[…]

Source: Iranian Hackers Can Beat Encrypted Apps like Telegram, Researchers Say – The New York Times

Estée Lauder products will launch to space. NASA astronauts will film them floating around the ISS

The International Space Station has served as the world’s most unique laboratory for two decades, hosting hundreds of scientific experiments, crews of astronauts and even the occasional slime.

But now, NASA, one of the space station’s primary operators, is preparing to oversee the largest push of business activity aboard the ISS. Later this month, up to 10 bottles of a new Estée Lauder (EL) skincare serum will launch to the space station, a NASA spokesperson told CNN Business. NASA astronauts are expected to film the items in the microgravity environment of the ISS and the company will be able to use that footage in ad campaigns or other promotional material.

The details of those plans were first reported by New Scientist magazine.

If the footage is used in a commercial, it would not be the first advertisement filmed in space; nor will it be the first time NASA has worked with corporate advertisers. But it will mark one of the most high-profile cases of NASA offering up the American portion of the space station for capturing zero-gravity footage of a product.

The Estée Lauder partnership will continue NASA’s years-long push to encourage private-sector spending on space projects as the space agency looks to stretch its budget beyond the ISS and focus on taking astronauts back into deep space. Those efforts include allowing the space station to be used for marketing and entertainment purposes.

Source: Estée Lauder products will launch to space. NASA astronauts will film them floating around the ISS – CNN

Google bans stalkerware apps from Android store. Which is cool but… why were they allowed in the first place?

In an update to its Android Developer Program Policy, Google on Wednesday said stalkerware apps in its app store can no longer be used to stalk non-consenting adults.

Stalkerware, which the web giant defines as “code that transmits personal information off the device without adequate notice or consent and doesn’t display a persistent notification that this is happening,” may still be used for keeping track of one’s kids.

But starting October 1, 2020, the ad biz says it’s no longer acceptable for Android apps in the Google Play Store to track another person, such as a spouse, without permission, unless there’s a persistent visible notification that data is being transmitted.

The ban follows a similar prohibition in August on Google-served ads for “spyware and technology used for intimate partner surveillance,” which reportedly hasn’t worked very well.

In recent years, computer security experts have argued that the privacy and security risks in intimate relationships haven’t been adequately anticipated or addressed.

But rules against invasive behavior aren’t necessarily effective. Via Twitter, Michael Veale, a lecturer at University College London, observed that a 2018 research paper “found that ‘abusers frequently exploit dual-use applications—tools whose main purpose is legitimate but that can be easily repurposed to function as spyware,’ so banning explicit stalkerware of questionable efficacy.”

Google will continue to allow non-stalkerware apps (i.e. policy compliant apps) to monitor and track people, provided the programs are not marketed as surveillance apps, they disclose any such functions, and they present the requisite persistent notification and icon.

Monitoring apps of the permissible sort continue to be subject to removal for violating applicable laws in the locations where they’re published, and may not link to resources (e.g. servers, SDKs) that provide policy violating functions or non-compliant APKs hosted outside the Google Play Store.

Google’s developer policy update also includes a ban on misrepresentation, both for apps and developer accounts. Apps or accounts that impersonate a person or organization, or attempt to conceal the app’s purpose or ownership, or engage in coordinated misleading activity, are no longer allowed.

Source: Google bans stalkerware apps from Android store. Which is cool but… why were they allowed in the first place? • The Register

To answer the question: The tech giants will do almost anything to get your location information because it allows them to know and control you better.

The Weather Channel app settles suit over selling location data of 49m people without consent

Private Intel Firm Buys Location Data to Track People to their ‘Doorstep’ sourced from innocuous seeming apps

How Location Tracking Actually Works on Your Smartphone (and how to manipulate it – kind of)

Google collects Android location data even if you turn it off and don’t have a SIM card inserted

US carmakers collect and keep driven locations

And some more links

The Weather Channel app settles suit over selling location data of 49m people without consent

IBM and the Los Angeles city attorney’s office have settled a privacy lawsuit brought after The Weather Channel app was found to be selling user location data without proper disclosure. The lawsuit was filed last year, at which point the app had 45 million active users.

IBM has changed the way that users are informed, and also agreed to donate $1M worth of technology to assist LA County with its coronavirus contact tracing efforts …

Associated Press reports.

The operator of The Weather Channel mobile app has agreed to change how it informs users about its location-tracking practices and sale of personal data as part of a settlement with the Los Angeles city attorney’s office, officials said Wednesday.

City Attorney Mike Feuer alleged in a 2019 lawsuit that app users were misled when they agreed to share their location information in exchange for personalized forecasts and alerts. Instead, the lawsuit claimed users were unaware they had surrendered personal privacy when the company sold their data to third parties.

Feuer announced the settlement Wednesday with the app’s operator, TWC Product and Technology LLC, and owner IBM Corp. The app’s disclosure screens were initially revised after the lawsuit was filed and future changes that will be monitored by the city attorney’s office are planned.

Source: The Weather Channel app settles suit over selling location data – 9to5Mac

EU Copyright Companies Want Legal Memes Blocked Too Because They Now Admit Upload Filters Are ‘Practically Unworkable’

The passage of the EU Copyright Directive last year represented one of the most disgraceful examples of successful lobbying and lying by the publishing, music, and film industries. In order to convince MEPs to vote for the highly controversial legislation, copyright companies and their political allies insisted repeatedly that the upload filters needed to implement Article 17 (originally Article 13) were optional, and that user rights would of course be respected online. But as Techdirt and many others warned at the time, this was untrue, as even the law’s supporters admitted once it had been passed. Now that the EU member states are starting to implement the Directive, it is clear that there is no alternative to upload filters, and that freedom of speech will therefore be massively harmed by the new law. France has even gone so far as to ignore the requirement for the few user protections that the Copyright Directive graciously provides.

The EU Copyright Directive represents an almost total victory for copyright maximalists, and a huge defeat for ordinary users of the Internet in the EU. But if there is one thing that we can be sure of, it’s that the copyright industries are never satisfied. Despite the massive gains already enshrined in the Directive, a group of industry organizations from the world of publishing, music, cinema and broadcasting have written to the EU Commissioner responsible for the Internal Market, Thierry Breton, expressing their “serious concerns regarding the European Commission’s consultation on its proposed guidance on the application of Article 17 of the Directive on Copyright in the Digital Single Market (“the Directive”).” The industry groups are worried that implementation of the EU Copyright Directive will provide them with too little protection (pdf):

We are very concerned that, in its Consultation Paper, the Commission is going against its original objective of providing a high level of protection for rightsholders and creators and to create a level playing field in the online Digital Single Market. It interprets essential aspects of Article 17 of the Directive in a manner that is incompatible with the wording and the objective of the Article, thus jeopardising the balance of interests achieved by the EU legislature in Article 17.

In an Annex to the letter, the copyright industries raise four “concerns” with the proposed guidance on the implementation of Article 17. The former MEP Julia Reda, who valiantly led the resistance against the worst aspects of the Copyright Directive during its passage through the EU’s legislative system, has answered in detail all of the points in a thread on Twitter. It’s extremely clearly explained, and I urge you to read it to appreciate the full horror of what the copyright companies are claiming and demanding. But there is one “concern” of the copyright maximalists that is so outrageous that it deserves to be singled out here. Reda writes:

#Article17 clearly says that legal content must not be blocked. #Uploadfilters can’t guarantee that, so rightholders claim that this is fulfilled as long as users have the right to complain about wrongful blocking *after* it has already happened.

This completely goes against what users fought for in the negotiations and what #Article17 says, that it “shall in no way affect legitimate uses”. Of course, if all legal parodies, quotes etc. get automatically blocked by #uploadfilters, legitimate uses are affected pretty badly.

The copyright companies and their political friends tricked the European Parliament into voting through Article 17 by claiming repeatedly that it did not require upload filters, which were rightly regarded as unacceptable. Now, the companies are happy to admit that the law’s requirement to assess whether uploads are infringing before they are posted — which can only be done using algorithms to filter out infringing material — is “practically unworkable”. Instead, they want blocking to be the default when there is any doubt, forcing users to go through a process of complaining afterwards if they wish their uploads to appear. Since most people will not know how to do this, or won’t have the time or energy to do so, this will inevitably lead to vast amounts of legal material being blocked by filters.

As Reda rightly summarizes:

The entertainment industry is joining forces to push for the worst possible implementation of #Article17, which would not only require out-of-control #uploadfilters without any safeguards, but also violate fundamental rights AND the very text of Article 17 itself.

The EU Copyright Directive’s Article 17 already promises to be disastrous for user creativity and freedom of speech in the EU; unfortunately, the proposed EU guidance has some additional aspects that are problematic for end users (pdf), as a group of civil society organizations point out in their own letter to the EU Commissioner. What the industry’s demands show once again is that no matter how strong copyright is made, no matter how wide its reach, and no matter how disproportionate the enforcement powers are, publishing, music, film and broadcasting companies always want more. Their motto is clearly: “too much is never enough”.

Source: Copyright Companies Want Memes That Are Legal In The EU Blocked Because They Now Admit Upload Filters Are ‘Practically Unworkable’ | Techdirt

Apple burns developer goodwill with surprise release of iOS 14 – giving them one day to update their apps without any clear instructions

Apple’s developer relations have hit another sour note. At the company’s hardware event on Tuesday, where it announced new Apple Watch devices and iPads, Apple surprised developers with the news that it would be releasing the updated versions of its major software platforms, iOS 14, iPad OS 14, watchOS 7 and tvOS 14 on September 16, giving them less than a day to prepare.

The unexpected and accelerated timeline left many developers scrambling to ready their apps for App Review and has complicated developers’ plans for the iOS 14 launch day.

Some, like popular podcast player, Overcast, simply informed its users that its planned iOS 14 features won’t be ready.

Others are less forgiving, noting that Apple’s decision to release iOS 14 without looping in the developer community has added, as developer Steve Troughton-Smith put it, “a whole lot of unnecessary stress on developers in an otherwise stressful year.”

In addition, Apple’s decision impacts those developers who choose to wait to support iOS 14.

Typically, developers will often leverage an iOS launch day to promote their apps’ new features via press releases, blog posts and social media. News coverage from app review sites may even include roundups of notable updates to favorite apps, or highlight those apps that have taken advantage of new iOS features in interesting ways.

This year, instead, the developer community can’t worry about chasing press and accolades, as they now have to get their app ready for the iOS 14 update ahead of schedule.

Source: Apple burns developer goodwill with surprise release of iOS 14 | TechCrunch

Spotify blasts Apple One service as ‘anti-competitive’, wants regulators to act

In a statement, the streaming service argued Apple One will “deprive consumers by favoring its own services” and urged regulators to take action against what it perceives to be “anti-competitive behavior”.

Announced yesterday at Cupertino’s Time Flies launch event, Apple One bundles the firm’s various subscription services into a single monthly payment. The product is organised into several tiers, with the base Individual subscription retailing at £14.95 ($14.95), and including Apple Music, TV+, Arcade, and 50GB of iCloud storage. For £5 or $5 more, you can share that subscription with up to five people.

There’s also a Premier package, which costs £29.95 ($29.95) per month. In addition to the aforementioned services, this bundles Apple’s new Fitness+ product as well as News+.

In comparison, combining Netflix’s standard plan, which supports HD streaming, as well as Spotify Premium, costs roughly £20. Adding Google Play Pass and 100GB of Google One storage brings that total to £27.

This is not the first time Spotify has called upon the anvil of regulation against Apple. In June, the European Commission commenced investigations against Apple, following complaints from Spotify about Apple’s in-app payment policies, which it alleged are designed to give an unfair advantage to its own products, like Apple Music.

The previous year, Spotify began a PR blitz called “Time to Play Fair”, again centred on the App Store payment rules and Apple’s 30 per cent cut, which it claims are driving up costs for its customers.

Source: Sounds like Spotify and Epic have been chatting: Music streamer blasts Apple One service as ‘anti-competitive’ • The Register

Zerologon: instantly become domain admin by subverting Netlogon cryptography (CVE-2020-1472)

Last month, Microsoft patched a very interesting vulnerability that would allow an attacker with a foothold on your internal network to essentially become Domain Admin with one click. All that is required is for a connection to the Domain Controller to be possible from the attacker’s viewpoint.

Secura’s security expert Tom Tervoort previously discovered a less severe Netlogon vulnerability last year that allowed workstations to be taken over, but the attacker required a Person-in-the-Middle (PitM) position for that to work. Now, he discovered this second, much more severe (CVSS score: 10.0) vulnerability in the protocol. By forging an authentication token for specific Netlogon functionality, he was able to call a function to set the computer password of the Domain Controller to a known value. After that, the attacker can use this new password to take control over the domain controller and steal credentials of a domain admin.

The vulnerability stems from a flaw in a cryptographic authentication scheme used by the Netlogon Remote Protocol, which among other things can be used to update computer passwords. This flaw allows attackers to impersonate any computer, including the domain controller itself, and execute remote procedure calls on their behalf.

Secura urges everybody to install the patch on all their domain controllers as fast as possible. Please refer to Microsoft’s advisory. We published a test tool on Github, which you can download here: https://github.com/SecuraBV/CVE-2020-1472 that can tell you whether a domain controller is vulnerable or not.

If you are interested in the technical details behind this pretty unique vulnerability and how it was discovered, download the whitepaper here.

Source: [Blog] Zerologon: instantly become domain admin by subverting Netlogon cryptography (CVE-2020-1472)
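A defender-side triage for the patch rollout urged above, as an added example that is not code from Secura or Microsoft: it summarises the Netlogon events (IDs 5827 to 5831) that a patched domain controller writes to its System log and lists which accounts still rely on vulnerable secure channel connections. The CSV column layout, the account names and the sample rows are constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Netlogon event IDs that the August 2020 update for CVE-2020-1472 logs in the
# System log of a patched domain controller.
NETLOGON_EVENTS = {
    5827: "denied",            # vulnerable connection from a machine account refused
    5828: "denied",            # vulnerable connection from a trust account refused
    5829: "allowed",           # vulnerable connection still allowed
    5830: "policy_exception",  # machine account allowed by group policy
    5831: "policy_exception",  # trust account allowed by group policy
}

# Constructed sample export; the column layout and account names are hypothetical.
SAMPLE_EXPORT = """\
TimeCreated,Id,Account,OperatingSystem
2020-09-16T08:01:12,5829,NAS01$,Unknown
2020-09-16T08:03:40,5829,NAS01$,Unknown
2020-09-16T09:15:02,5827,LEGACY-APP$,Windows Server 2003
2020-09-16T10:22:31,5830,PRINTSRV$,Unknown
2020-09-16T11:00:00,7036,,
2020-09-17T07:45:10,5829,WKS-0042$,Windows 7
2020-09-17T07:59:59,5829,nas01$,Unknown
"""


def summarize(export_text):
    """Count Netlogon 5827-5831 events per account, skipping unrelated rows."""
    summary = defaultdict(lambda: {
        "allowed": 0, "denied": 0, "policy_exception": 0,
        "first_seen": None, "last_seen": None, "os": "",
    })
    for row in csv.DictReader(io.StringIO(export_text)):
        try:
            kind = NETLOGON_EVENTS.get(int(row["Id"]))
            seen = datetime.fromisoformat(row["TimeCreated"])
        except (TypeError, ValueError):
            continue  # malformed or truncated row
        # Account names are case-insensitive, so normalise before grouping.
        account = (row.get("Account") or "").strip().upper()
        if kind is None or not account:
            continue  # not one of the Netlogon secure channel events
        entry = summary[account]
        entry[kind] += 1
        entry["os"] = row.get("OperatingSystem") or entry["os"]
        if entry["first_seen"] is None or seen < entry["first_seen"]:
            entry["first_seen"] = seen
        if entry["last_seen"] is None or seen > entry["last_seen"]:
            entry["last_seen"] = seen
    return dict(summary)


def remediation_plan(summary):
    """Sort accounts into work queues, busiest first within each queue."""
    def names(kind):
        hits = [(-entry[kind], account)
                for account, entry in summary.items() if entry[kind]]
        return [account for _, account in sorted(hits)]

    return {
        # Still connecting insecurely: update or replace the device.
        "update_or_replace": names("allowed"),
        # Explicitly exempted by policy: the exposure remains, so review it.
        "review_exception": names("policy_exception"),
        # Already refused by the domain controller: expect an outage report.
        "already_denied": names("denied"),
    }


def ready_for_enforcement(summary):
    """True when no account was seen using an allowed vulnerable connection."""
    return not any(entry["allowed"] for entry in summary.values())


if __name__ == "__main__":
    result = summarize(SAMPLE_EXPORT)
    for queue, accounts in remediation_plan(result).items():
        print(queue, accounts)
    print("ready for enforcement:", ready_for_enforcement(result))
```
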

Gods & Monsters Isn’t The First Time Monster Energy Has Been Annoying About Naming Rights – unbelievable that you can trademark an actual word!

Monster Beverage tried to stop Ubisoft from trademarking the name “Gods & Monsters” earlier this year to prevent confusion between its brand of highly caffeinated sodas and the upcoming action adventure game. It turns out this is the sort of thing Monster does a lot.

Monster routinely challenges “monster”-related trademarks, including tactical gear, ice cream, and dog treats.

The news about Gods & Monsters, which Ubisoft announced earlier this month had been renamed Immortals: Fenyx Rising, was first reported by TechRaptor based on publicly available filings with the U.S. Patent and Trademark Office. In a 186-page filing dated April 3, Monster argued in part that the Gods & Monsters name would conflict with its own because of the drink company’s involvement in sponsoring esports teams, tournaments, as well as actual video games. Surely you’ve heard of Monster Energy Supercross: The Official Videogame?

“[Monster] has built up, at great expense and effort, valuable goodwill in its MONSTER Marks and has developed strong common law rights in its MONSTER Marks,” the company wrote. Ubisoft responded a month later with a much briefer eight-page filing denying Monster’s claims.

One of Monster Energy’s claims against Ubisoft’s Gods & Monsters trademark.
Screenshot: Kotaku

The publisher has also claimed that the name change from Gods & Monsters to the inscrutable Immortals: Fenyx Rising was entirely its own idea. “The change of name was entirely because of the vision of the game,” game director Julien Galloudec told VGC in an interview last week. He went on:

The game changed a lot, to the point where we felt we needed a new name to be better aligned with that updated vision, so that’s where we decided to change to Immortals Fenyx Rising, a name that combines the notion of the timeless aspect of the Greek mythology with the immortals. And also I like the new era, Fenyx, and adjoining that epic adventure.

Ubisoft did not respond to a request for comment.

A quick search on the Trademark Office website reveals 25 current pending notices of opposition to other companies using the name “Monster.” The cases range from disputes with other food and beverage companies to seemingly completely unrelated businesses like toy manufacturers.

For example, Monster took issue with Nikko Toys’ line of remote control Mega Monster trucks because it, too, has at one time or another plastered its logo on the sides of toy cars. The company even went after someone trying to sell dog treats called “Monster Bully Sticks,” to which the maker of those dog treats basically responded that it is unlikely anyone would confuse a giant beef tendon for dogs to chew on with a can of Monster Energy.

The brand’s tagline is “Unleash the Beast.” A more appropriate one might be, “Unleash the lawyers.”

Source: Gods & Monsters Isn’t The First Time Monster Energy Has Been Annoying About Naming Rights

Net neutrality lives… in Europe, anyway: Top court supports open internet rules, snubs telcos and ISPs

Europe’s top court has decided that the continent’s network neutrality rules will stand, rejecting challenges from the telecoms industry.

In a ruling [PDF] on Tuesday, the Court of Justice of the European Union (CJEU) decided that “the requirements to protect internet users’ rights and to treat traffic in a non-discriminatory manner preclude an internet access provider from favouring certain applications and services.”

Or, in other words, people come before telco business models. And that includes the edge case of “zero tariff” arrangements where data caps don’t apply to specific apps or services that the ISP or telco designates. Picture a broadband provider allowing, say, Netflix streams to not count toward subscribers’ monthly download limits, which squeezes Netflix’s competitors out of the market. Blocking access to, traffic slowdowns of, and “fast lanes” for specific applications are also out.

The decision was welcomed by consumer-rights groups and internet companies, though ISPs and telcos are disappointed: they feel the net neutrality rules are too restrictive, and prevent them from bringing in new revenue to replace falling income from traditional telephone lines.

The judgment came after a Hungarian court asked for guidance when one of its telcos, Telenor Magyarorszag, offered a zero-tariff option to subscribers. The country’s technology regulator said that approach broke Europe’s net neutrality rules, which were passed back in 2015, and the telco challenged its decision.

It is, to the best of our knowledge, the first time the CJEU has weighed in on the open internet. Interest in the case was made clear by the number of comments from countries’ governments that were submitted to the court for review: Austria, the Czech Republic, Finland, Germany, the Netherlands, Romania, and Slovenia all weighed in.

[…]

The court said its interpretation of the relevant regulations was that no company had the right to limit people’s right to an open internet and that people exercised those rights “via their internet access service.”

[…]

And, just to stick the knife in, it argued that any “measures blocking or slowing down traffic are based not on objectively different technical quality of service requirements for specific categories of traffic, but on commercial considerations, those measures must in themselves be regarded as incompatible with Article 3(3).”

In essence, Europe’s top court decided that money does not come before people’s rights. In the United States, meanwhile, the issue of net neutrality has everything to do with money.

[…]

Source: Net neutrality lives… in Europe, anyway: Top court supports open internet rules, snubs telcos and ISPs • The Register

Brit MPs to Apple CEO: Please stop ignoring our questions about repairability and the environment

The UK’s Environmental Audit Committee (EAC) says Apple is still not answering questions relating to its record on the environmental sustainability and repairability of its iStuff.

The EAC – a sounder of Members of Parliament that sit on the select committee in the House of Commons – asked the American company to get involved in the Electronic Waste and Circular Economy inquiry, and Apple had been due to appear before MPs on 16 July but “cancelled its appearance at short notice”.

Committee chairman the Right Honourable Sir Philip Dunne, an MP for Ludlow constituency in Shropshire, then penned a letter [PDF] to Apple boss Tim Apple Cook early last month and requested a response by Friday last week, 4 September, but the EAC is “yet to receive a substantive reply”, it said.

The contents of the letter, revealed today, point out the anxiety related to the social and environmental footprint of the electronics industry, brought into focus by a United Nations report in July that showed 53.6 million tonnes of so-called e-waste was produced in 2019, up 21 per cent in five years.

Smaller gadgets are often the hardest to collect and recycle, and Apple is one of the largest manufacturers of such equipment worldwide, hence its invitation to partake in the inquiry, EAC said.

In his missive to Cook, Dunne asked 13 questions, including how Apple was tackling past and future carbon emissions; the auditing of third-party emissions in Apple’s supply chain; whether the high price of fixing Apple kit was affecting repairability; what Apple was doing to improve repairability of products; whether Apple would support legislation for repairability standards; what it was doing to take back items being replaced; and a query around plastic packaging.

The timing of this release is very deliberate, coming as Apple prepares to broadcast a live event from California with a slew of new products from next-generation phones to watches, iPads and other gear.

“Apple has made more than two billion iPhones – a phone for every person in the whole of Africa and Europe,” said Dunne in a statement. “Today, as Apple unveils its next generation of gadgets, my committee continues to wait for answers on what the company is doing to tackle its environmental footprint.”

[…]

For its part, Apple claimed previously that it loses money by repairing customers’ gadgets, which rather flies in the face of Apple’s reluctance to allow independent repair shops to do their thing.

In its 2020 Environmental Progress Report, Apple pledged to reduce 75 per cent of its carbon emissions by 2030 and develop “innovative carbon removal solutions for the remaining 25 percent of its comprehensive footprint”. The highlights of that report can be found here.

Source: Brit MPs to Apple CEO: Please stop ignoring our questions about repairability and the environment • The Register

European Police Malware Could Harvest GPS, Messages, Passwords, More from Encrochat devices

The malware that French law enforcement deployed en masse onto Encrochat devices, a large encrypted phone network using Android phones, had the capability to harvest “all data stored within the device,” and was expected to include chat messages, geolocation data, usernames, passwords, and more, according to a document obtained by Motherboard.

The document adds more specifics around the law enforcement hack and subsequent takedown of Encrochat earlier this year. Organized crime groups across Europe and the rest of the world heavily used the network before its seizure, in many cases to facilitate large scale drug trafficking. The operation is one of, if not the, largest law enforcement mass hacking operation to date, with investigators obtaining more than a hundred million encrypted messages.

“The NCA has been collaborating with the Gendarmerie on Encrochat for over 18 months, as the servers are hosted in France. The ultimate objective of this collaboration has been to identify and exploit any vulnerability in the service to obtain content,” the document reads, referring to both the UK’s National Crime Agency and one of the national police forces of France.

As well as the geolocation, chat messages, and passwords, the law enforcement malware also told infected Encrochat devices to provide a list of WiFi access points near the device, the document reads.

[…]

Encrochat was a company that offered custom-built phones that sent end-to-end encrypted messages to one another. Encrochat took a base Android device, installed its own software, and physically removed the GPS, microphone, and camera functionality to lock down the devices further. These modifications may have impacted what sort of data the malware was actually able to obtain once deployed. Encrochat phones had a panic wipe feature, where if a user entered a particular PIN it would erase data stored on the device. The devices also ran two operating systems that sat side by side; one that appeared to be innocuous, and another that contained the users’ more sensitive communications.

In a previous email to Motherboard a representative of Encrochat said the firm is a legitimate company with clients in 140 countries, and that it sets out “to find the best technology on the market to provide a reliable and secure service for any organization or individual that want[s] to secure their information.” The firm had tens of thousands of users worldwide, and decided to shut itself down after discovering the hack against its network.

Encrochat’s customers included a British hitman who assassinated a crime leader and an armed robber, and various violent gangs around Europe including those who used so-called “torture chambers.” Some of the users may have been legitimate, however.

Since the shutdown, police across Europe have arrested hundreds of alleged criminals who used the service. Motherboard previously obtained chat logs that prosecutors have presented as evidence against one drug dealer.

Running an encrypted phone company is not typically illegal in-and-of-itself. The U.S. Department of Justice charged Vince Ramos, the CEO of another firm called Phantom Secure with racketeering conspiracy and other charges after an undercover investigation caught him saying the phones were made for drug trafficking. Phantom Secure started as a legitimate firm before catering more to the criminal market. Ramos was sentenced to nine years in prison in May 2019.

Source: European Police Malware Could Harvest GPS, Messages, Passwords, More

How they harvested GPS from devices with the functionality physically removed is a mystery to me, although wifi networks definitely provide a pretty good form of geolocation.

U.S. Concentration Camp in Georgia Sent Women to Be Sterilized

Why did the terms “Nazi Germany” and “Mengele” become trending topics on Twitter? The words dominated the social media platform on Monday after it was revealed that a whistleblower has alleged “high numbers” of immigrant women at a U.S. concentration camp in Georgia were sent to be given unnecessary hysterectomies. Many of the women reportedly didn’t know why they were being sent to have the surgery and were all sent to the same doctor, according to the complaint, with one woman describing the facility as an “experimental concentration camp.”

Twitter users made several analogies to various Nazi atrocities on Monday, like the sadistic medical experiments performed on Jews by Josef Mengele during the Holocaust in the 1930s and ‘40s. And while U.S. concentration camps aren’t currently operating as anything close to the European death camps of the Holocaust, there’s still reasonable concern about what the fuck is happening in the U.S. right now under the Trump regime.

The whistleblower, a nurse named Dawn Wooten, worked full time at a concentration camp run by Immigration and Customs Enforcement called the Irwin County Detention Center, until her work hours were cut in July, a result of alleged retaliation for speaking up internally about health and sanitary conditions in the prison. The facility is technically owned by a private company called LaSalle Corrections, much like several other ICE and CBP concentration camps across the U.S. that currently house tens of thousands of detainees under a for-profit model.

[…]

the most shocking revelations involve many women who were sent to have hysterectomies—a medical procedure to remove the uterus, rendering the women unable to become pregnant and have children—without getting a clear answer on why they were having the surgeries done.

From the complaint to the OIG, which is available online:

One woman told Project South in 2019 that Irwin sends many women to see a particular gynecologist outside the facility but that some women did not trust him. She also stated that “a lot of women here go through a hysterectomy” at ICDC. More recently, a detained immigrant told Project South that she talked to five different women detained at ICDC between October and December 2019 who had a hysterectomy done. When she talked to them about the surgery, the women “reacted confused when explaining why they had one done.” The woman told Project South that it was as though the women were “trying to tell themselves it’s going to be OK.” She further said: “When I met all these women who had had surgeries, I thought this was like an experimental concentration camp. It was like they’re experimenting with our bodies.”

The whistleblower, nurse Wooten, explained in her own words how one unnamed doctor was allegedly carrying out this mass sterilization effort on immigrant women. Wooten even called the doctor a “uterus collector”:

Everybody he sees has a hysterectomy—just about everybody. He’s even taken out the wrong ovary on a young lady [detained immigrant woman]. She was supposed to get her left ovary removed because it had a cyst on the left ovary; he took out the right one. She was upset. She had to go back to take out the left and she wound up with a total hysterectomy. She still wanted children—so she has to go back home now and tell her husband that she can’t bear kids… she said she was not all the way out under anesthesia and heard him [doctor] tell the nurse that he took the wrong ovary.

[…]

We’ve questioned among ourselves like goodness he’s taking everybody’s stuff out…That’s his specialty, he’s the uterus collector. I know that’s ugly…is he collecting these things or something…Everybody he sees, he’s taking all their uteruses out or he’s taken their tubes out. What in the world.

The complaint also alleges that the women in custody aren’t getting clear communication about what procedure is about to be done on them, with some medical staff in the facility allegedly using Google to translate things from English to Spanish before surgery. Some women were told conflicting things about why they needed to have hysterectomies, like one woman who was given three very different reasons

[…]

ICE did not immediately respond to a request for comment on Tuesday morning, but sent out a statement to several news outlets insisting that, “in general, anonymous, unproven allegations, made without any fact-checkable specifics, should be treated with the appropriate skepticism they deserve.” Notably, that’s not a flat denial of the allegations. And DHS restricts access to the facilities to such a degree that journalists have previously tried to use drones just to get a look inside. Even members of Congress have struggled to get an unfiltered look at what’s happening in these facilities.

ICE and its parent agency, the U.S. Department of Homeland Security, have a history of outright lies and running interference for objectively racist policies. The former head of DHS, Kirstjen Nielsen, lied to Congress on multiple occasions, claiming that the Trump regime did not have a policy of separating families at the U.S.-Mexico border. That was flatly wrong and Nielsen has never been held accountable for the lies, let alone the atrocities she committed against countless asylum seekers. The current head of DHS, Acting Secretary Chad Wolf, has never been confirmed by the Senate and the nonpartisan Government Accountability Office found last month that he was illegally appointed to his position in late 2019. Wolf is still the head of DHS.

[…]

Source: U.S. Concentration Camp in Georgia Sent Women to Be Sterilized

Nikola Admits Prototype Was Rolling Downhill In Promo Video

In late 2016, Nikola Motor Company founder Trevor Milton unveiled a prototype of the Nikola One truck, claiming it “fully functions and works, which is really incredible.” A couple years later, in January 2018, the company showed the Nikola One truck moving rapidly along a two-lane desert highway. But last week, the short-selling investment firm Hindenburg Research published a bombshell report, accusing Nikola Motors of massive fraud, having no proprietary technology and vastly overstating the capabilities of their prototypes to investors.

Incredibly, “Hindenburg reported that the truck in the ‘Nikola One in motion’ video wasn’t moving under its own power,” reports Ars Technica. “Rather, Nikola had towed the truck to the top of a shallow hill and let it roll down. The company allegedly tilted the camera to make it look like the truck was traveling under its own power on a level roadway.” From the report: On Monday morning, Nikola sent out a lengthy press release titled “Nikola Sets the Record Straight on False and Misleading Short Seller Report.” While the statement nitpicks a number of claims in the Hindenburg report, it tacitly concedes Hindenburg’s main claim about the Nikola One. Nikola now admits that the Nikola One prototype wasn’t functional in December 2016 and still wasn’t functional when the company released the “in motion” video 13 months later. Nikola claims that the gearbox, batteries, inverters, power steering, and some other components of the truck were functional at the time of the December 2016 show. But Nikola doesn’t claim that the truck had a working hydrogen fuel cell or motors to drive the wheels — the two key components Hindenburg stated were missing from the truck in December 2016.

And Nikola now admits that it never got the truck to fully function. “As Nikola pivoted to the next generation of trucks, it ultimately decided not to invest additional resources into completing the process to make the Nikola One drive on its own propulsion,” Nikola wrote in its Monday statement. Instead, Nikola pivoted to working on its next vehicle, the Nikola Two. So what about that video of the Nikola One driving across the desert? “Nikola never stated its truck was driving under its own propulsion in the video,” Nikola wrote. “Nikola described this third-party video on the Company’s social media as ‘In Motion.’ It was never described as ‘under its own propulsion’ or ‘powertrain driven.’ Nikola investors who invested during this period, in which the Company was privately held, knew the technical capability of the Nikola One at the time of their investment.”

Source: Nikola Admits Prototype Was Rolling Downhill In Promo Video – Slashdot

Whistleblower Shows How Facebook Deals With Global Political Manipulation – not enough according to her

The 6,600-word memo, written by former Facebook data scientist Sophie Zhang, is filled with concrete examples of heads of government and political parties in Azerbaijan and Honduras using fake accounts or misrepresenting themselves to sway public opinion. In countries including India, Ukraine, Spain, Brazil, Bolivia, and Ecuador, she found evidence of coordinated campaigns of varying sizes to boost or hinder political candidates or outcomes, though she did not always conclude who was behind them.

“In the three years I’ve spent at Facebook, I’ve found multiple blatant attempts by foreign national governments to abuse our platform on vast scales to mislead their own citizenry, and caused international news on multiple occasions,” wrote Zhang, who declined to talk to BuzzFeed News. Her LinkedIn profile said she “worked as the data scientist for the Facebook Site Integrity fake engagement team” and dealt with “bots influencing elections and the like.”

“I have personally made decisions that affected national presidents without oversight, and taken action to enforce against so many prominent politicians globally that I’ve lost count,” she wrote.

The memo is a damning account of Facebook’s failures. It’s the story of Facebook abdicating responsibility for malign activities on its platform that could affect the political fate of nations outside the United States or Western Europe. It’s also the story of a junior employee wielding extraordinary moderation powers that affected millions of people without any real institutional support, and the personal torment that followed.

“I know that I have blood on my hands by now,” Zhang wrote.

[…]

“There was so much violating behavior worldwide that it was left to my personal assessment of which cases to further investigate, to file tasks, and escalate for prioritization afterwards,” she wrote.

That power contrasted with what she said seemed to be a lack of desire from senior leadership to protect democratic processes in smaller countries. Facebook, Zhang said, prioritized regions including the US and Western Europe, and often only acted when she repeatedly pressed the issue publicly in comments on Workplace, the company’s internal, employee-only message board.

“With no oversight whatsoever, I was left in a situation where I was trusted with immense influence in my spare time,” she wrote. “A manager on Strategic Response mused to myself that most of the world outside the West was effectively the Wild West with myself as the part-time dictator – he meant the statement as a compliment, but it illustrated the immense pressures upon me.”

A former Facebook engineer who knew her told BuzzFeed News that Zhang was skilled at discovering fake account networks on the platform.

[…]

“I have made countless decisions in this vein – from Iraq to Indonesia, from Italy to El Salvador,” she wrote. “Individually, the impact was likely small in each case, but the world is a vast place.”

Still, she did not believe that the failures she observed during her two and a half years at the company were the result of bad intent by Facebook’s employees or leadership. It was a lack of resources, Zhang wrote, and the company’s tendency to focus on global activity that posed public relations risks, as opposed to electoral or civic harm.

“Facebook projects an image of strength and competence to the outside world that can lend itself to such theories, but the reality is that many of our actions are slapdash and haphazard accidents,” she wrote.

[…]

Source: Whistleblower Says Facebook Ignored Global Political Manipulation

A really good insight into the problems that Facebook has to look at. I’m pretty sure that it’s not Facebook ignoring the problem, it’s that their solution was in the person of the whistleblower, who felt underappreciated and alone and seems to have been unable to garner support within Facebook for more resources.

Private data gone public: Razer leaks 100,000+ gamers’ personal info

In August, security researcher Volodymyr Diachenko discovered a misconfigured Elasticsearch cluster, owned by gaming hardware vendor Razer, exposing customers’ PII (Personal Identifiable Information).

The cluster contained records of customer orders and included information such as item purchased, customer email, customer (physical) address, phone number, and so forth—basically, everything you’d expect to see from a credit card transaction, although not the credit card numbers themselves. The Elasticsearch cluster was not only exposed to the public, it was indexed by public search engines.

[…]

One of the things Razer is well-known for—aside from their hardware itself—is requiring a cloud login for just about anything related to that hardware. The company offers a unified configuration program, Synapse, which uses one interface to control all of a user’s Razer gear.

Until last year, Synapse would not function—and users could not configure their Razer gear, for example change mouse resolution or keyboard backlighting—without logging in to a cloud account. Current versions of Synapse allow locally stored profiles for off-Internet use and what the company refers to as “Guest mode” to bypass the cloud login.

Many gamers are annoyed by the insistence on a cloud account for hardware configuration that doesn’t seem to really be enhanced by its presence. Their pique is understandable, because the pervasive cloud functionality comes with cloud vulnerabilities. Over the last year, Razer awarded a single HackerOne user, s3cr3tsdn, 28 separate bounties.

We applaud Razer for offering and paying bug bounties, of course, but it’s difficult to forget that those vulnerabilities wouldn’t have been there (and globally exploitable), if Razer hadn’t tied their device functionality so thoroughly to the cloud in the first place.

Source: Private data gone public: Razer leaks 100,000+ gamers’ personal info | Ars Technica

Google Faces $3 Billion U.K. Suit Over Use of Children’s Data

Alphabet Inc.’s Google faces a multibillion-dollar lawsuit in the U.K. over claims that YouTube routinely breaks privacy laws by tracking children online.

The suit, filed on behalf of more than 5 million British children under 13 and their parents, is being brought by privacy campaigner Duncan McCann and being supported by Foxglove, a tech justice group. The claimants estimate that if they’re successful, there would be as much as 2.5 billion pounds ($3.2 billion) in compensation, worth between 100 and 500 pounds per child.

The filing alleges that YouTube’s methods of targeting underage audiences constitute “major breaches” of U.K. and European privacy and data rules designed to protect citizens’ control over their own private information. YouTube has “systematically broken these laws by harvesting children’s data without obtaining prior parental consent,” it alleges.

A spokesperson for YouTube declined to comment on the lawsuit Monday but added that the video streaming service isn’t designed for users under the age of 13.

“We launched the YouTube Kids app as a dedicated destination for kids and are always working to better protect kids and families on YouTube,” the company said in an emailed statement.

Source: Google Faces $3 Billion U.K. Suit Over Use of Children’s Data – Bloomberg

Hints of life on Venus: Scientists detect phosphine molecules in high cloud decks

An international team of astronomers, led by Professor Jane Greaves of Cardiff University, today announced the discovery of a rare molecule—phosphine—in the clouds of Venus. On Earth, this gas is only made industrially, or by microbes that thrive in oxygen-free environments.

[…]

finding that phosphine is present but scarce—only about twenty molecules in every billion.

The astronomers then ran calculations to see if the phosphine could come from natural processes on Venus. They caution that some information is lacking—in fact, the only other study of phosphorus on Venus came from one lander experiment, carried by the Soviet Vega 2 mission in 1985.

Massachusetts Institute of Technology scientist Dr. William Bains led the work on assessing natural ways to make phosphine. Some ideas included sunlight, minerals blown upwards from the surface, volcanoes, or lightning, but none of these could make anywhere near enough of it. Natural sources were found to make at most one ten thousandth of the amount of phosphine that the telescopes saw.

To create the observed quantity of phosphine on Venus, terrestrial organisms would only need to work at about 10% of their maximum productivity, according to calculations by Dr. Paul Rimmer of Cambridge University. Any microbes on Venus will likely be very different to their Earth cousins though, to survive in hyper-acidic conditions.

[…]

She comments: “Finding phosphine on Venus was an unexpected bonus! The discovery raises many questions, such as how any organisms could survive. On Earth, some microbes can cope with up to about 5% of acid in their environment—but the clouds of Venus are almost entirely made of acid.”

[…]

confirming the presence of “life” needs a lot more work. Although the high clouds of Venus have temperatures up to a pleasant 30 degrees centigrade, they are incredibly acidic—around 90% sulphuric acid—posing major issues for microbes to survive there.

[…]

Source: Hints of life on Venus: Scientists detect phosphine molecules in high cloud decks

Eterbase cryptocurrency exchange hacked and $5.4 million stolen

Cryptocurrency exchange Eterbase last week admitted hackers broke into its computers and made off with other people’s coins, said to be worth $5.4m.

The plug was pulled on the digital dosh exchange as a result, though it may return at some point: it claims to have enough capital to surmount the cyber-heist. Investigations by staff and law enforcement are ongoing.

“We want to inform our users that we have enough capital to meet all our obligations,” the site’s operators said in a statement.

“We want to reassure everyone that this event won’t stop our journey. After the security audit of renowned global companies, our operations will continue. We will announce the date of the reopening of the ETERBASE Exchange platform as soon as possible.”

Source: Another month, another cryptocurrency exchange hacked and ‘millions of dollars’ stolen by miscreants • The Register

Shenzhen Zhenhua Data Leak – high profile international contacts database kept by Chinese leaked

The database built by Shenzhen Zhenhua from a variety of sources is technically complex using very advanced language, targeting, and classification tools. Shenzhen Zhenhua claims to work with, and our research supports, Chinese intelligence, military, and security agencies use the open information environment we in open liberal democracies take for granted to target individuals and institutions. Our research broadly supports their claims.

The information specifically targets influential individuals and institutions across a variety of industries. From politics to organized crime or technology and academia just to name a few, the database flows from sectors the Chinese state and linked enterprises are known to target.

The breadth of data is also staggering. It compiles information on everyone from key public individuals to low level individuals in an institution to better monitor and understand how to exert influence when needed.

Compiling public and non-public personal and institutional data, Shenzhen Zhenhua has likely broken numerous laws in foreign jurisdictions. Claiming to partner with state intelligence and security services in China, Shenzhen Zhenhua operates collection centers in foreign countries that should be considered for investigation in those jurisdictions.


Source: Statement on Shenzhen Zhenua Data Leak – Balding’s World

The personal details of millions of people around the world have been swept up in a database compiled by a Chinese tech company with reported links to the country’s military and intelligence networks, according to a trove of leaked data.

About 2.4 million people are included in the database, assembled mostly based on public open-source data such as social media profiles, analysts said. It was compiled by Zhenhua Data, based in the south-eastern Chinese city of Shenzhen.

Internet 2.0, a cybersecurity consultancy based in Canberra whose customers include the US and Australian governments, said it had been able to recover the records of about 250,000 people from the leaked dataset, including about 52,000 Americans, 35,000 Australians and nearly 10,000 Britons. They include politicians, such as prime ministers Boris Johnson and Scott Morrison and their relatives, the royal family, celebrities and military figures.

When contacted by the Guardian for comment, a representative of Zhenhua said: “The report is seriously untrue.”

“Our data are all public data on the internet. We do not collect data. This is just a data integration. Our business model and partners are our trade secrets. There is no database of 2 million people,” said the representative surnamed Sun, who identified herself as head of business.

“We are a private company,” she said, denying any links to the Chinese government or military. “Our customers are research organisations and business groups.”

Source: Zhenhua Data leak: personal details of millions around world gathered by China tech company